Authentication of a user to a telephonic communication device

ABSTRACT

The invention provides a method, system, and program product for authenticating a user to a telephonic communication device. In one embodiment, the invention includes obtaining a reference sample of an authorized user&#39;s voice, storing the reference sample of the authorized user&#39;s voice, collecting a sample of the voice of a user of the telephonic communication device, comparing the sample of the voice of the user to the reference sample of the authorized user&#39;s voice, determining whether the user is the authorized user, and in the case that the user is determined not to be the authorized user, prohibiting use of the telephonic communication device.

TECHNICAL FIELD

The invention relates generally to telephonic communication and, moreparticularly, to the authentication of a user to a telephoniccommunication device.

BACKGROUND OF THE INVENTION

Today, many telephonic communication devices (e.g., telephones, cellulartelephones, satellite telephones, etc.) include security features torestrict use of the device. This is particularly common in cellular andsatellite telephones, which are more susceptible to loss. A typicalsecurity feature employed in such devices is the use of a multi-digitcode to “unlock” the device and make its features available. Too often,however, such features are not enabled by a user because of theadditional time and effort required. Even when such features areenabled, they are often easily bypassed. Thus, many telephoniccommunication devices are left vulnerable to unauthorized use due to theinconvenience to authorized users in employing known security features.

SUMMARY OF THE INVENTION

The invention provides a method, system, and program product forauthenticating a user to a telephonic communication device.

A first aspect of the invention provides a method of authenticating auser to a telephonic communication device, the method comprising:obtaining a reference sample of an authorized user's voice; storing thereference sample of the authorized user's voice; collecting a sample ofthe voice of a user of the telephonic communication device; comparingthe sample of the voice of the user to the reference sample of theauthorized user's voice; determining whether the user is the authorizeduser; and in the case that the user is determined not to be theauthorized user, prohibiting use of the telephonic communication device.

A second aspect of the invention provides a system for authenticating auser to a telephonic communication device, the system comprising: asystem for obtaining a reference sample of an authorized user's voice; asystem for storing the reference sample of the authorized user's voice;a system for collecting a sample of the voice of a user of thetelephonic communication device; a system for comparing the sample ofthe voice of the user to the reference sample of the authorized user'svoice; a system for determining whether the user is the authorized user;and a system for prohibiting use of the telephonic communication device.

A third aspect of the invention provides a program product stored on acomputer-readable medium, which when executed, authenticates a user to atelephonic communication device, the program product comprising: programcode for obtaining a reference sample of an authorized user's voice;program code for storing the reference sample of the authorized user'svoice; program code for collecting a sample of the voice of a user ofthe telephonic communication device; program code for comparing thesample of the voice of the user to the reference sample of theauthorized user's voice; program code for determining whether the useris the authorized user; and program code for prohibiting use of thetelephonic communication device.

A fourth aspect of the invention provides a method for deploying anapplication for authenticating a user to a telephonic communicationdevice, comprising: providing a computer infrastructure being operableto: obtain a reference sample of an authorized user's voice; store thereference sample of the authorized user's voice; collect a sample of thevoice of a user of the telephonic communication device; compare thesample of the voice of the user to the reference sample of theauthorized user's voice; determine whether the user is the authorizeduser; and prohibit use of the telephonic communication device.

The illustrative aspects of the present invention are designed to solvethe problems herein described and other problems not discussed, whichare discoverable by a skilled artisan.

BRIEF DESCRIPTION OF THE DRAWINGS

These and other features of this invention will be more readilyunderstood from the following detailed description of the variousaspects of the invention taken in conjunction with the accompanyingdrawings that depict various embodiments of the invention, in which:

FIG. 1 shows the registration of a mobile telephone according to anembodiment of the invention;

FIG. 2 shows the authentication of a user to the mobile telephoneaccording to an embodiment of the invention;

FIG. 3 shows the prohibiting of an unauthorized user from using themobile telephone according to an embodiment of the invention;

FIG. 4 shows an authorized user overriding the authentication processaccording to an embodiment of the invention;

FIG. 5 shows a flow diagram of an illustrative method according to theinvention; and

FIG. 6 shows a block diagram of an illustrative system according to theinvention.

It is noted that the drawings of the invention are not to scale. Thedrawings are intended to depict only typical aspects of the invention,and therefore should not be considered as limiting the scope of theinvention. In the drawings, like numbering represents like elementsbetween the drawings.

DETAILED DESCRIPTION OF THE INVENTION

Referring now to the drawings, FIG. 1 shows a user 100 registering histelephonic communication device (here, a mobile telephone 110). Afterproviding a reference sample 102 of his voice, the reference sample 102is transmitted A, A′ using a communication system upon which the mobiletelephone 110 will operate. Here, for purposes of illustration,transmission is shown via a cellular telephone system 200 and asatellite telephone system 200′. One skilled in the art will recognizethat either, both, or other communication systems may be employed,depending on the type of telephonic communication device beingregistered.

The reference sample 102 is transferred to a storage device 300, whereit resides as a stored reference sample 302 of the user's voice. Asshown in FIG. 1, a single reference sample 102 is provided. In otherembodiments, additional reference samples may be provided. In such anembodiment, these additional reference samples may be stored separatelyon the storage device 300 or may be used to update the stored referencesample 302 (i.e., the stored reference sample may be modified to reflectboth the original reference sample 102 and any additional referencesamples of the user's voice). The provision of additional referencesamples may facilitate more accurate identification of the user 100 andauthentication of the user 100 to the mobile telephone 110.

In FIG. 2, a user 100 is shown using the mobile telephone 110 followingthe initial registration of FIG. 1. In using the mobile telephone 110,the user speaks into the mobile telephone 110, thus providing a sample104 of his voice. This sample 104 is transmitted C via the applicablecommunication system (here, a cellular telephone system 200) andtransferred D to the storage device 300, upon which the stored referencesample 302 resides.

A comparison is made between the sample 104 of the user's voice and thestored reference sample 302 and a determination is made as to whetherthe two “match” (i.e., it is determined whether the user 100 providingthe sample 104 had also provided the stored reference sample 302). Asused herein, the term “match” does not require that the sample 104 andstored reference sample 302 are identical. In practice, they almostcertainly will not be. Rather, the term “match” means that an algorithmor other method of comparison is made in order to determine whether thetwo samples are likely to have had a common origin. Various levels ofstringency may be defined for such comparisons and, in some cases, maybe user-defined.

It should be recognized, of course, that the comparison may be madeusing any number of voice comparison or authentication systems. Asuitable voice authentication system is described in U.S. Pat. No.7,212,613, which is incorporated herein as though fully set forth. Itshould also be recognized that the comparison of the sample 104 may beperformed by a voice comparison or authentication system that includesor is separate from the storage device 300 containing the storedreference sample 302.

The results of the comparison are transmitted E via the cellulartelephone system 200 and transferred F to the mobile telephone 110. Asshown in FIG. 2, the comparison resulted in a match between the sample104 and the stored reference sample 302. As such, the mobile telephone110 is granted continued access G to the cellular telephone system 200,enabling the user 100 to complete a call H to the mobile telephone 410of a call recipient 400.

In FIG. 3, I and J are analogous to C and D in FIG. 2. In FIG. 3, thecomparison transmitted K via the cellular telephone system 200 andtransferred L to the mobile telephone 110 indicates that the sample 502of the unauthorized user 500 does not match the stored reference sample302. As such, the call initiated by the unauthorized user 500 isdisconnected M, resulting in termination of the call N to the mobiletelephone 410 of the call recipient 400. In some embodiments of theinvention, only the active call is terminated (i.e., the unauthorizeduser 500 or some other user may then immediately make another call andgo through the same authentication procedure). In other embodiments, themobile telephone 100 may be “locked” or rendered non-functional for anextended period. Such a period may be predefined (e.g., 30 minutes) orevent-based (e.g., requiring an override using a security code orsimilar technique to render the mobile telephone 110 functional again).

Of course, it may be desirable, in some cases, for an authorized user(e.g., user 100) to permit an otherwise-unauthorized user (e.g.,unauthorized user 500) to use his or her mobile telephone 110 or othertelephonic communication device. In such a case, the user 100 mayprovide a voice sample 104, enter a security code 112, or both, eitheror both of which are then transmitted L via the cellular telephonesystem 200 and transferred J to the storage device 300 containing thestored reference sample 302, a stored security code, or both. As above,a comparison is made between the voice sample 104 and the storedreference sample 302 and/or the entered security code 112 and the storedsecurity code. The result of this comparison is then transmitted K backvia the cellular telephone system 200 and transferred L to the mobiletelephone 110.

In FIG. 4, O, P, Q, and R are analogous to C, D, E, and F in FIG. 2. Asshown in FIG. 4, the comparison resulted in a match between the voicesample 104 and the stored reference sample and/or between the enteredsecurity code 112 and the stored security code. The user 100 may thenprovide S the mobile telephone 110 to the unauthorized user 500, whosevoice is transmitted T via the cellular telephone system 200 during acall U to the mobile telephone 410 of a call recipient. While shown inFIGS. 2-4 as involving calls between mobile telephones, it should berecognized that the invention is applicable to the authentication of auser to any telephonic communication device and could facilitatecommunication between any combination of such devices (e.g., cellulartelephone and satellite telephone, satellite telephone and landlinetelephone, etc.).

In each of the above examples, authentication of a user is shown asoccurring once, early in the user's use of the mobile telephone.However, the invention also includes periodic or continuousauthentication of a user. For example, in some embodiments, theinvention includes authenticating the user every 60 seconds or someother applicable period. In other embodiments, authentication iscontinuous (i.e., the user's voice is continuously sampled and comparedto the stored reference sample). In some embodiments where periodic orcontinuous authentication is employed, a call is terminated upon anyauthentication failure. In other embodiments, a call may be terminatedfollowing a predetermined number of authentication failures or followinga predetermined number of successive authentication failures. Suchembodiments may be helpful, for example, where the stored referencesample 302 is not updated, as described above, and the likelihood ofspurious authentication failure is necessarily greater.

FIG. 5 shows a flow diagram of an illustrative method according to anembodiment of the invention. At S1, a reference sample of an authorizeduser (e.g., the purchaser of the telephonic communication device) isobtained (e.g., recorded from an input portion of the device). In somecases, it may be desirable to have the authorized user read apre-determined script in order to standardize and improve the accuracyof the authentication system employed.

At S2, the reference sample is stored for future comparisons andauthentication. As noted above, S1 and S2 may be iteratively looped toprovide a more accurate reference sample.

At S3, an authorized user may optionally override the authenticationprocess, such that use of the device is then permitted at S9. If nooverride is made at S3, a sample of a user's voice is collected at S4and, at S5, compared to the reference sample stored at S2.

At S6, it is determined whether the sample collected at S4 “matches” thereference sample stored at S2. As noted above, the term “match” is notmeant to suggest that the samples need be identical. If the samples“match,” i.e., “Yes” at S6, use of the device is permitted at S9. If thesamples do not match, i.e., “No” at S6, use of the device is prohibitedat S7. As explained above, such prohibition may simply includetermination of a extant call. Alternatively, the device may be renderednon-functional for a period S8 or until some other event occurs, atwhich point a voice sample may be again collected at S4.

FIG. 6 shows an illustrative system 10 for authenticating a user to atelephonic communication device. To this extent, system 10 includes acomputer infrastructure 12 that can perform the various process stepsdescribed herein for authenticating a user to a telephonic communicationdevice. In particular, computer infrastructure 12 is shown including acomputer system 14 that comprises an authenticating system 40, whichenables computer system 14 to authenticate a user to a telephoniccommunication device by performing the process steps of the invention.

Computer system 14 is shown including a processing unit 20, a memory 22,input/output (I/O) interfaces 26, and a bus 24. Further, computer system14 is shown in communication with external devices 28 and a storagesystem 30. As is known in the art, in general, processing unit 20executes computer program code, such as communication authenticatingsystem 40, that is stored in memory 22 and/or storage system 30. Whileexecuting computer program code, processing unit 20 can read and/orwrite data from/to memory 22, storage system 30, and/or I/O interface26. Bus 24 provides a communication link between each of the componentsin computer system 14. External devices 28 can comprise any device thatenables a user (not shown) to interact with computer system 14 or anydevice that enables computer system 14 to communicate with one or moreother computer systems.

In any event, computer system 14 can comprise any general purposecomputing article of manufacture capable of executing computer programcode installed by a user (e.g., a personal computer, server, handhelddevice, etc.). However, it is understood that computer system 14 andcommunication authenticating system 40 are only representative ofvarious possible computer systems that may perform the various processsteps of the invention. To this extent, in other embodiments, computersystem 14 can comprise any specific purpose computing article ofmanufacture comprising hardware and/or computer program code forperforming specific functions, any computing article of manufacture thatcomprises a combination of specific purpose and general purposehardware/software, or the like. In each case, the program code andhardware can be created using standard programming and engineeringtechniques, respectively.

Similarly, computer infrastructure 12 is only illustrative of varioustypes of computer infrastructures for implementing the invention. Forexample, in one embodiment, computer infrastructure 12 comprises two ormore computer systems (e.g., a server cluster) that communicate over anytype of wired and/or wireless communications link, such as a network, ashared memory, or the like, to perform the various process steps of theinvention. When the communications link comprises a network, the networkcan comprise any combination of one or more types of networks (e.g., theInternet, a wide area network, a local area network, a virtual privatenetwork, etc.). Regardless, communications between the computer systemsmay utilize any combination of various types of transmission techniques.

As previously mentioned, the authenticating system 40 enables thecomputer system 14 to authenticate a user to a telephonic communicationdevice. To this extent, the authenticating system 40 is shown includinga sample obtaining system 42, a sample storing system 44, a samplecollecting system 46, a comparing system 48, a determining system 50,and a prohibiting system 52. Operation of each of these systems isdiscussed above. The authenticating system 40 may further include othersystem components 54 to provide additional or improved functionality tothe authenticating system 40. It is understood that some of the varioussystems shown in FIG. 6 can be implemented independently, combined,and/or stored in memory for one or more separate computer systems 14that communicate over a network. Further, it is understood that some ofthe systems and/or functionality may not be implemented, or additionalsystems and/or functionality may be included as part of system 10.

While shown and described herein as a method and system forauthenticating a user to a telephonic communication device, it isunderstood that the invention further provides various alternativeembodiments. For example, in one embodiment, the invention provides acomputer-readable medium that includes computer program code to enable acomputer infrastructure to authenticate a user to a telephoniccommunication device. To this extent, the computer-readable mediumincludes program code, such as authenticating system 40, that implementseach of the various process steps of the invention. It is understoodthat the term “computer-readable medium” comprises one or more of anytype of physical embodiment of the program code. In particular, thecomputer-readable medium can comprise program code embodied on one ormore portable storage articles of manufacture (e.g., a compact disc, amagnetic disk, a tape, etc.), on one or more data storage portions of acomputer system, such as memory 22 and/or storage system 30 (e.g., afixed disk, a read-only memory, a random access memory, a cache memory,etc.), and/or as a data signal traveling over a network (e.g., during awired/wireless electronic distribution of the program code).

In another embodiment, the invention provides a business method thatperforms the process steps of the invention on a subscription,advertising, and/or fee basis. That is, a service provider could offerto authenticate a user to a telephonic communication device, asdescribed above. In this case, the service provider can create,maintain, support, etc., a computer infrastructure, such as computerinfrastructure 12, that performs the process steps of the invention forone or more customers. In return, the service provider can receivepayment from the customer(s) under a subscription and/or fee agreementand/or the service provider can receive payment from the sale ofadvertising space to one or more third parties.

In still another embodiment, the invention provides a method ofgenerating a system for authenticating a user to a telephoniccommunication device. In this case, a computer infrastructure, such ascomputer infrastructure 12, can be obtained (e.g., created, maintained,having made available to, etc.) and one or more systems for performingthe process steps of the invention can be obtained (e.g., created,purchased, used, modified, etc.) and deployed to the computerinfrastructure. To this extent, the deployment of each system cancomprise one or more of (1) installing program code on a computersystem, such as computer system 14, from a computer-readable medium; (2)adding one or more computer systems to the computer infrastructure; and(3) incorporating and/or modifying one or more existing systems of thecomputer infrastructure, to enable the computer infrastructure toperform the process steps of the invention.

As used herein, it is understood that the terms “program code” and“computer program code” are synonymous and mean any expression, in anylanguage, code or notation, of a set of instructions intended to cause acomputer system having an information processing capability to perform aparticular function either directly or after either or both of thefollowing: (a) conversion to another language, code or notation; and (b)reproduction in a different material form. To this extent, program codecan be embodied as one or more types of program products, such as anapplication/software program, component software/a library of functions,an operating system, a basic I/O system/driver for a particularcomputing and/or I/O device, and the like.

The foregoing description of various aspects of the invention has beenpresented for purposes of illustration and description. It is notintended to be exhaustive or to limit the invention to the precise formdisclosed, and obviously, many modifications and variations arepossible. Such modifications and variations that may be apparent to aperson skilled in the art are intended to be included within the scopeof the invention as defined by the accompanying claims.

1. A method of authenticating comprising: obtaining a reference sampleof an authorized user; storing the reference sample; providing theauthorized user an option to use a telephonic communication deviceimmediately or collect an initial sample after said storing step;collecting the initial sample of from a user of the telephoniccommunication device; comparing the initial sample the user to thereference sample; determining whether the user is the authorized user;and in the case that the user is determined not to be the authorizeduser, prohibiting use of the telephonic communication device; anddetermining whether to continue an activation of the telephoniccommunication device by: collecting at least one subsequent sample ofthe user of the telephonic communication device; comparing the at leastone subsequent sample to the reference sample; and prohibiting use ofthe telephonic communication device in response to the at least onesubsequent sample not matching the reference sample.
 2. The method ofclaim 1, further comprising: in the case that the user is determined tobe the authorized user, permitting use of the telephonic communicationdevice.
 3. The method of claim 1, further comprising: obtainingadditional reference samples of the authorized user; and storing theadditional reference samples.
 4. The method of claim 3, wherein storingthe additional reference samples includes revising the reference sampleto include the additional reference samples.
 5. The method of claim 1,wherein obtaining includes recording an input of the telephoniccommunication device.
 6. The method of claim 1, wherein the referencesample includes the authorized user's reading of a pre-determinedscript.
 7. The method of claim 1, wherein prohibiting includesterminating a communication using the telephonic communication device.8. The method of claim 1, further comprising: permitting an authorizeduser to override the prohibiting use of the telephonic communicationdevice.
 9. The method of claim 8, wherein overriding includes: providinga sample of the authorized user.
 10. The method of claim 9, whereinoverriding further includes: entering an override code using thetelephonic communication device.
 11. The method of claim 1, wherein thetelephonic communication device is selected from a group consisting of:a cellular telephone and a satellite telephone.
 12. The method of claim1, wherein the determining whether to continue the activation of thetelephonic communication device is performed at least one ofperiodically and continuously.
 13. The method of claim 12, whereinperiodically is taking the at least one subsequent sample after adetermined time interval.
 14. The method of claim 12, whereincontinuously is taking the at least one subsequent sample each time theauthorized user speaks.
 15. A system for authenticating comprising: asystem for obtaining a reference sample of an authorized user; a systemfor storing the reference sample; a system for providing the authorizeduser an option to use a telephonic communication device immediately orcollect an initial sample after said storing step; a system forcollecting the initial sample from a user of the telephoniccommunication device; a system for comparing the initial sample to thereference sample; a system for determining whether the user is theauthorized user; a system for prohibiting use of the telephoniccommunication device; and a system for determining whether to continuean activation of the telephonic communication device by: a system forcollecting at least one subsequent sample of the user of the telephoniccommunication device; a system for comparing the at least one subsequentsample to the reference sample; and a system for prohibiting use of thetelephonic communication device in response to the at least onesubsequent sample not matching the reference sample.
 16. A programproduct stored on a non-transitory computer-readable medium, which whenexecuted, authenticates comprising: program code for obtaining areference sample of an authorized user; program code for storing thereference sample; program code for providing the authorized user anoption to use a telephonic communication device immediately or collectan initial sample after said storing step; program code for collectingthe initial sample from a user of the telephonic communication device;program code for comparing the initial sample to the reference sample;program code for determining whether the user is the authorized user;and program code for prohibiting use of the telephonic communicationdevice; program code for determining whether to continue an activationof the telephonic communication device by: collecting at least onesubsequent sample of the user of the telephonic communication device;comparing the at least one subsequent sample to the reference sample;and prohibiting use of the telephonic communication device in responseto the at least one subsequent sample not matching the reference sample.17. The program product of claim 16, further comprising: program codefor obtaining additional reference samples of the authorized user; andprogram code for storing the additional reference samples.
 18. Theprogram product of claim 16, further comprising: program code foroverriding the prohibiting of use of the telephonic communicationdevice.
 19. A method for deploying an application for authenticating,comprising: providing a computer infrastructure being operable to:obtain a reference sample of an authorized user; store the referencesample; provide the authorized user an option to use a telephoniccommunication device immediately or collect an initial sample after saidstoring step; collecting the initial sample from a user of thetelephonic communication device; comparing the initial sample to thereference sample; determining whether the user is the authorized user;and prohibiting use of the telephonic communication device; determinewhether to continue an activation of the telephonic communication deviceby: collecting at least one subsequent sample of the user of thetelephonic communication device; comparing the at least one subsequentsample to the reference sample; and prohibiting use of the telephoniccommunication device in response to the at least one subsequent samplenot matching the reference sample.
 20. The method of claim 19, whereinthe computer infrastructure is further operable to: obtain additionalreference samples of the authorized user; and store the additionalreference samples.
 21. The method of claim 19, wherein the computerinfrastructure is further operable to: override the prohibiting of useof the telephonic communication device.